On Tuesday, November 6, 2018, 114 million Americans went to the polls to cast votes for their representatives at the federal, state, and local level. Over the next days and weeks, poll workers across the nation tallied the votes and announced the results, leading to cheers of victory and groans of disappointment. But deciding the winner of an election is not as easy as it seems—historically, some notable corruptions of the process have included news agencies incorrectly calling an election and illegal vote gathering. A much more insidious possibility, however, is a scenario where the vote counting itself is suspect. The dominant strategy for tallying votes is via voting machines, which can be hacked, mis-programmed, or just poorly calibrated. As a result, a fair assessment of an election’s winners and losers must include a post-election statistical procedure to confirm the results.

When you step up to the poll, how can you be sure the machine is accurately counting your vote?

Enter the risk-limiting audit. Pioneered by Philip Stark, professor of statistics and associate dean of mathematical and physical sciences at UC Berkeley, a risk-limiting audit is a statistical procedure that can increase confidence in an election’s result by manually checking just a handful of ballots. Consider the 2018 California gubernatorial election, in which Gavin Newsom won 61.9 percent of the vote to John Cox’s 38.1 percent. Current California law mandates a manual audit of all the votes in a random one percent of precincts (around 125,000 votes), but there aren’t clear guidelines on how to resolve discrepancies. Instead, imagine if officials conducted a risk-limiting audit, specifically, a type called a ballot-polling audit, where ballots are randomly chosen from around the state, and officials hand-check each to see if it was marked for Newsom or Cox. As each vote is counted, confidence in the initial result can increase or decrease. If the first 20 votes are all for Newsom, that is a good indication that Newsom actually won the election; if they’re all for Cox, the results could be suspect.

The procedure also includes a risk limit, instructing officials to stop the audit when confidence in the initial result is high enough. California auditors might choose a risk limit of 10 percent, meaning that if Cox had really won, there is at most a 10 percent chance that the risk-limiting audit would end before statistical evidence for Cox’s victory appeared. In other words, there is at least a 90 percent chance that the audit would proceed to a full hand recount and disprove the initial report of Newsom’s victory. How many ballots would auditors count before reaching this point? Remarkably, if Newsom really had won, they would only need to count an average of 84 ballots! If they had chosen a stricter risk limit of 5 percent or 1 percent, the expected number of ballots is still only 108 and 164, respectively.

While California has been piloting risk-limiting audits in city-level and county-level races for several years, other jurisdictions across the United States have recently started to experiment with these audits as well. In Michigan, the Secretary of State worked with local election offices to run pilot audits in Rochester Hills, Lansing, and Kalamazoo. Kellie Ottoboni, a PhD candidate in statistics at UC Berkeley, traveled to Michigan in December to help run the audit. She led an effort to develop an algorithm called SUITE that combines two types of risk-limiting audits: ballot-polling audits, described above, and ballot-level comparison audits. In a comparison audit, officials compare each ballot to the machine’s interpretation, allowing these audits to be more efficient than ballot-polling audits. The California example above would require checking about 29 ballots at 5 percent risk limit. However, the election infrastructure in Kalamazoo and Lansing only enabled this comparison for absentee ballots, which were about 25 percent of the votes cast (Rochester Hills did not have the capability to do any comparison audits). SUITE allowed auditors to make the process more efficient than a full ballot-polling audit by conducting comparison audits of the absentee ballots and ballot-polling audits of the non-absentee ballots. According to Ottoboni, the audit was successful and engaged dozens of state and local officials. “They were so excited, each city clerk invited like 30 local election officials from other cities in the county, so there were a bunch of people there helping out and observing too, learning about what was going on.”

Statistical methods allow us to ensure the accuracy of our election results—with much less hand counting than other audit methods.

Risk-limiting audits are not a panacea, but they can solve some concerns brought up in recent years regarding electoral malpractice. If voting machines are hacked, audits are a tool to detect incorrect vote reporting. However, a risk-limiting audit cannot be successful with statistics alone; conducting a proper audit requires procedural steps too. Stark, the founder of the method, listed several administrative items that should be coded into law: compliance audits to check the physical paper trail, ballot manifests to keep track of the ballots, voter-verified paper ballots, regulations mandating that initial tallies are done by audit-capable machines, and the risk limit. He emphasized that laws should prioritize public trust by making every step maximally transparent and ensure that “the public is given enough information to check the audit.”

Vetri Velan is a graduate student in physics

Design: Santiago Yori

This article is part of the Spring 2018 issue.